https://wiki.idesg.org/index.php?action=history&feed=atom&title=Secure_Req_12 2026-04-16T10:03:56Z Revision history for this page on the wiki MediaWiki 1.38.4 https://wiki.idesg.org/index.php?title=Secure_Req_12&diff=6574&oldid=prev 2018-06-28T04:03:34Z

<p>9 revisions imported: Initial Upload of old pages from IDESG Wiki</p> <p><b>New page</b></p><div>&#039;&#039;&lt;&lt; Back to [[Baseline_Functional_Requirements_v1.0|Baseline Functional Requirements Index]]&#039;&#039;<br /> <br /> == SECURE-12. RECOVERY AND REISSUANCE ==<br /> Entities that issue credentials and tokens MUST implement methods for reissuance, updating, and recovery of credentials and tokens that preserve the security and assurance of the original registration and credentialing operations.<br /> <br /> === SUPPLEMENTAL GUIDANCE ===<br /> Procedures must be in place to reasonably prevent hijacking of an account through recovery and<br /> reset options: a common vector for identity thieves and other attackers. At a minimum, service<br /> providers must provide reset, recovery, and reissuance procedures that afford a commensurate level of<br /> security to the processes used during the initial registration and credentialing operations. These<br /> procedures may include out-of-band verification, device identification, or any combination of similar<br /> techniques used to increase the security of reset, reissuance, and recovery options while also meeting<br /> [[Baseline_Functional_Requirements_v1.0#Usability|IDESG Usability Requirements]] (USABLE-1 through USABLE-7).<br /> <br /> === REFERENCES ===<br /> FICAM TFPAP Trust Criteria “Token &amp; Credential Management”), LOA 2-3, #1, #2, #4, TFPAP Trust<br /> Criteria, Management and Trust Criteria, LOA 2-3, #3,#4, #6 (p.35); PCI-DSS v 2.0- 8.5.2 (p. 48)<br /> (corresponds to 8.2.2 in PCI-DSS v3. – p.67); NIST SP 800-63-2, Token and Credential Management<br /> Activities 7.1.2 (p. 58)<br /> <br /> === APPLIES TO ACTIVITIES ===<br /> [[IDEF Functional Model REGISTRATION|REGISTRATION]], <br /> [[IDEF Functional Model CREDENTIALING|CREDENTIALING]]<br /> <br /> === KEYWORDS ===<br /> [[IDEF Keywords ACCOUNT|ACCOUNT]], [[IDEF Keywords CREDENTIAL|CREDENTIAL]], [[IDEF Keywords EXPIRY|EXPIRY]], [[IDEF Keywords LOSS|LOSS]], <br /> [[IDEF Keywords PROCESS|PROCESS]], [[IDEF Keywords PROVISIONING|PROVISIONING]], <br /> [[IDEF Keywords RECOVERY|RECOVERY]], [[IDEF Keywords SECURITY|SECURITY]], [[IDEF Keywords TOKEN|TOKEN]]<br /> ----<br /> ----<br /> Quick Links: [[SALS]] | [[Baseline Functional Requirements v1.0]] | [[Glossary]] |<br /> <br /> ----<br /> ----</div>

Omaerz